TechSpot

Neteller funds stolen - do I have a virus/keylogger/etc?

By will111
Jul 27, 2010
  1. I'm running Windows 7 Home Premium. I recently got back home from a 2 week vacation and went to check my balance on Neteller and saw that there have been 4 transfers that I didn't make totalling 7,5k dollars. Two of them were on the 21st July to a site I never played at and two of them on the 24th and 25th July were to 2 different email addresses listed as Neteller accounts.

    I called Neteller and they have locked the accounts and started investigating as of now, I expect a call from them today. They told me my email address was changed on July 12th, something I didn't do. I assume this was done so I wouldn't see the transfers being made, as I received no email notifications.

    My logs are attached.

    GMER

    First I get a warning saying that C:\windows\system32\config\system cannot be found (I later, when I click scan, get a message telling me that C:\windows\system32\config\system is being run by another process). Then I can't tick all the boxes except: Services, registry, Files and ADS. The file I save is empty when I open it. I read on some forum that GMER can't run on 64x Windows 7. I don't know what to do about this.
     


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You need to keep the system off of the internet and do a complete reformat/reinstall.

    No stopping to try and clean. Make sure all the previous passwords have been changed. When you get set up again, you can create new passwords.

    At this point, it doesn't matter whether it was a keylogger or other. The system has been compromised. But when you get back up, you will need to check any files you save and make sure the system is clean again.

    And about those poker games you play online: I would guess that the first suspect would be related to them.
     
  3. will111

    will111 TS Rookie Topic Starter

    I'm sorry, I don't understand. If there is no keylogger/virus/rootkit, why would I reinstall my OS? If the system is clean, can I not assume he got my password because of negligence of not keeping safe passwords/easy to crack password for my email?

    You still recommend a complete reinstall?
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    will, hopefully you have read the message and suggestion from jobeard. I am not understanding how it is that you have come to this conclusion:

    And you think this is so because..............? Or are you thinking we'll just clean what we can find and you can continue as usual?

    You can't afford to 'assume' anything. You don't know how your system was breached. You don't know what other information was taken.
     
  5. will111

    will111 TS Rookie Topic Starter

    Hi

    Thanks kindly for your help. I have run every antivirus and antimalware programme I could find and all of them just came back with cookies and nothing else. But you are right, I don't know how it happened. I thought the logs would help someone understand what happened.

    I am going to reinstall my OS today with a Win 7 disc and do a clean sweep. I appreciate you taking the time and helping me. Kindly thanks!
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I was thinking about your problem last night and the timing. It seems a reasonable guess that you were not using this system during the 2 weeks of vacation, since you didn't discover anything until you returned. Consider this: if there was a keylogger on the system, the password theft could have been found at any time and stored by the thief. Waiting until you weren't active on the system could have allowed them to make the transactions during that time with less chance of being discovered.

    So, in the real world of paranoia, what online source knew you would be gone for the 2 weeks? Did you mention this on any game sites, message board?


    I think you have made the right decision. When you get back up and running, here are some tips for added security:

    Please follow these simple steps to keep your computer clean and secure:


    Stay current on updates:
    • Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates: Windows XP: SP2, SP3.
    • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    • Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

    Make Internet Explorer safer. Follow the suggestions HERE. This tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

    Do regular Maintenance
    • Remove Temporary Internet Files regularly:
      ◦ ATF Cleaner by Atribune
      OR
      ◦ TFC
    • Disable and Enable System Restore:
      ◦ See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.

    Have layered Security:
    • Antivirus Software (only one): Both of the following programs are free and known to be good:
      ◦ Avira Free
      ◦ Avast Home
    • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      ◦ Comodo
      ◦ Zone Alarm
    • Antispyware: I recommend all of the following:
      ◦ Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
      ◦ IE/Spyad: This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
      ◦ MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
      ◦ Google Toolbar: Get the free Google toolbar to help stop pop-up windows.
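
Added example (not part of the thread, and not code from any tool named in it): a short Python check of a HOSTS file of the kind the MVPS entry above describes. It lists the names sent to the local machine and flags any name mapped to some other address, which a blocklist would not contain. The sample file, its hostnames and the 0.0.0.0 case are assumptions made for this example.

```python
import ipaddress

# Constructed sample in HOSTS-file format; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1   localhost
127.0.0.1   ads.example.net   # blocked ad server
0.0.0.0     tracker.example.org
::1         localhost
203.0.113.7 payments.example.com   # not loopback: needs review
bad line without address
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for each valid entry; skip comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, addr, fields[1:]

def audit_hosts(text):
    """Split entries into names sinkholed locally and names redirected elsewhere."""
    blocked, redirected = [], []
    for line_no, addr, names in parse_hosts(text):
        # 127.0.0.1 / ::1 is the redirect the post describes; 0.0.0.0 is
        # treated the same way here (assumption: also used by blocklists).
        local = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name.lower() == "localhost":
                continue
            (blocked if local else redirected).append((line_no, name, str(addr)))
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names blocked locally")
    for line_no, name, addr in redirected:
        print(f"line {line_no}: {name} -> {addr} (review)")
```

On Windows the file to read is normally C:\Windows\System32\drivers\etc\hosts; pass its contents to `audit_hosts` in place of the sample.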
     
Topic Status:
Not open for further replies.
